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1. INTRODUCTION 

With the rapid progress in communication technology, broadcasting images through networks has 
become routine. Digital image processing forms a large part of the data transmitted via the internet. However, 
illegal access to transmitted images is becoming a significant issue due to the capability of advanced 
computer processors. Therefore, securing images is essential for keeping the content of images confidential. 
Depending on the image application, image security against different types of attacks can be vital. 
Consequently, securing images involves information hiding, encryption, and steganography. Most encryption 
algorithms are used to protect sensitive information. The most notable example of image security is image 
encryption. Image encryption methods use several techniques, such as symmetric key encryption or public 
key encryption [1], [2]. In particular, image encryption methods are dependent on changes to pixel 
arrangement, called diffusion and confusion, which depend on changing the value of pixels. CAST 128 is a 
symmetric key encryption method which encrypts blocks of data, it was initiated by Carliste, Adams, and 
Stafford Tavared of Entrust Technology in 1996 [3]. CAST is based on sixteen rounds of a Feistel network 
that accepts key sizes ranging from 40 bits to 128 bits. It divides 64-bit plaintext into two sections: left-hand 
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32-bit and right-hand 32-bit. For the key scheduling process in CAST 128-bit, 16 pairs of sub-keys (Kmi and 
Kri) are computed from the key. Further, CAST 128 uses four primitive operations: addition (+) and 
subtraction (-) using modulo 232 arithmetic, bitwise ex-OR (^), and left circular rotation (<<<). CAST 128 
uses the function F, which involves the use of four S-boxes, a left circular operation and four operations 
functions. Each S-box is of size 8x32, the round number is determined by the left circular rotation operation 
and four operation functions [4]-[6]. The overall work of CAST 128 [7]. A magic square is used in many 
encryption techniques in order to increase security. The magic square can be defined as a square integer 
matrix that has the same sum values in row, column, and main diagonal. In other words, if the magic square 
is of order four, the magic sum value is 24. The numbers in the rows, columns, and principal diagonals of a 
magic square of the third order (3x3) add up to a magic sum of 12, as illustrated in Figure 1 [8], [9]. 


1 6 5 
8 4 0 
3 2 7 


Figure 1. Magic square of order 3 


The majority of encryption algorithms use logic functions with two operators (O and 1), such as 
XOR and ADD. The encryption methods used in these logic functions can be easily broken to retrieve the 
plaintext. Therefore, many researchers have proposed algorithms to overcome these problems. Such an 
algorithm would replace the XOR function with complex mathematical functions [10], [11]. This paper 
presents two modified proposals which are based on the CAST 128 algorithm and replace the XOR on the 
left side of Feistel CAST 128, the first is replaced by a magic square of order 3, while the second is replaced 
by an inverse matrix 3x3. These two proposals aim to enhance the mathematical operations in the CAST 128 
algorithm, thus increasing the encryption algorithm's security level. The remainder of the paper is structured 
as: section 2 presents some of the relevant literature reviews, section 3 explains the proposed modifications to 
the CAST 128-bit algorithm, and finally sections 4 and 5 present security analysis and conclusions, 
respectively. 


2. RELATED WORK 

There are numerous cryptography techniques in digital image encryption, such as symmetric 
cryptography, chaotic theory, and quantum cryptography. Image encryption techniques depend on two 
significant steps: the first alters pixel arrangements, while the second alters the values of the pixels. This 
section presents some of the most relevant related works on modifications to encryption algorithms using 
magic squares and inverse arrays that can be applied to digital images. Encryption algorithm proposed to 
improve the mix column and shift row in the original advanced encryption standard (AES) representing 
S-boxes, applying as S-boxes, and apply multiplication process inside the encryption [12]. While the inverse 
matrix is used inside the decryption, a modified AES is used for encrypting audio wave files. The 
applicability of evaluating a magic square matrix of any order for encryption and decryption is 
considered [13], [14]. However, the inclusion of 2.13 (factors of 26) has been the most significant limitation 
for the implementation of hill and magic square ciphers in cryptographically investigations, especially in the 
decryption process. The effectiveness of a cryptographic method is determined by the required time for 
encryption/decryption and the manner in which it generates distinct ciphertexts from plaintext. Weak magic 
squares (for even numbers, n) provide ciphertext that is maximally distinct from plaintext, as opposed to true 
magic squares. Encryption/decryption of any matrix of magic squares is made possible by the introduction of 
dummy letters in addition to the existing 26 letters in the english alphabet. The incorporation of selected 
dummy letters not only simplifies the encryption/decryption procedure but also eliminates duplicate letters 
(vowels) within a message. The encryption/decryption procedure has been improved and provides an 
additional layer of security to any public-key cryptosystem employing a magic square or a poor 
implementation of a magic square. 

The same is true for [15] where the proposed a development that combines symmetric cryptographic 
models, asymmetric cryptographic models, and a magic cube. In the construction phase, Diffie-Hellman was 
used to define the magic square category as odd, singly-even or doubly-even, both the starting number, and 
the difference of the value were determined. The Diffie-Hellman algorithm was utilized to determine the 
dimension of the magic cube's construction, the type of magic square (odd, singly-even, or doubly-even), the 
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starting number and the difference value, in addition to the face or dimension number used to generate the 
ciphering key for both parties. Thiagarajan et al. [16] developed a method of encrypting and decrypting a 
message using a key and a cyclic square matrix. This method can be used for any number of words with the 
most characters and longest word. The researchers additionally discussed how long the algorithm would take 
to run. The proposed algorithm is simple but would be difficult to break. Rahma and Abbas [17] explained an 
enhancement of the AES algorithm using different sizes of data matrices created by multiplying irreducible 
polynomials of different orders (2.4 and 8). In testing, these modifications provided effective security, as the use 
of multiple irreducible polynomials of different orders of degree increased the randomness efficiency and speed. 

Mohammed and Hasan [18] proposed method thats planned alterations to the operation of data 
encryption standard (DES) to ensure a high level of security. Among these modifications, is the 
implementation of matrix multiplication in place of the XOR operator. Moreover, each round employs four 
keys, two of which are obtained from the primary key and two of which are produced internally. The four 
keys are used in a specific order using round numbers. The primary key is derived from a 64-byte random 
string. This key is then enlarged and divided across 16 keys. Based on the mathematical theory of GF(2), the 
suggested algorithm improves upon the DES algorithm. Rather than the XOR technique, matrix 
multiplication is employed, which enables substitution and permutation of each multiplication process. The 
XOR technique also assists in reducing the time required for encryption and decryption. This method's 
effectiveness relies on the utilization of two diagonal key matrices created from the randomly generated 
primary key. The operations of the two dynamic internal keys, the matrix multiplication and the replacement 
of the previous XOR make it difficult to attack the known plaintext. Alattar and Rahma [19] considered 
developing encryption methods using an order 5 magic square. Both GF (P) and GF (2°) were used to encrypt 
text and images. With an arbitrary number of rounds added, the two modified algorithms were utilized, the 
first with a message length of 10 and the second with a message length of 14. The text from the first round 
served as the input text for the subsequent round through the use of a mask, which multiplied in the odd 
rounds and added in the even rounds. 


3. METHOD 

CAST is a problematic block encryption algorithm as it uses functions that are based on two binary 
operations (0 and 1) and XOR. In order to enhance the security of the algorithm against attacks, this paper 
proposes two new modifications to CAST 128. This is achieved by substituting the XOR function within the 
sixteen rounds of Feistel in the CAST 128-bit algorithm. The proposed alterations will be explained in the 
following sections. The CAST 128 method, a secret-key block cipher, has been modified in this work in an 
effort to improve performance. The modified CAST 128 algorithm is designed to increase security and 
decrease overall data encryption and decryption time. The goal of this study is to increase performance while 
maintaining the existing CAST 128 algorithm's security, simplicity and memory requirements. The CAST 
128 Feistel network's function F is the sole aspect of the proposed modification that has been altered. The 
very high-speed integration circuit hardware description language (VHDL) application was created to 
demonstrate the variations in the delay, as the change in the overall time required for encryption and 
decryption cannot be observed in software implementation. 


3.1. First proposal: CAST 128 with magic square 

This variation introduces a modification to the CAST 128-bit algorithm which aims to solve such 
issues by employing a magic square of order three in place of the XOR. This is achieved by substituting the 
ordinary XOR operation between the right side, after applying the function, and the left side in each round. 
When using a magic square for encryption, several steps must be followed: first, the magic square is created 
by utilizing magic square of order 3. Second, the mask is multiplied using the magic square. Finally, the 
summarisation of the specific row, column, and diagonal of the last matrix of order three is computed in the 
ciphertext, as shown in algorithm [8] which uses (1) to (6) for apply the summarisation. 


Key, + Key, + pl, = sum, (1) 
Pl, + Key, + plz = sum, (2) 
Key, + Pl, + Pl, = sum; (3) 
PL + Pl; + Ple = sum, (4) 
Key, + Keyz + Pl, = sums (5) 
Pl, + Key; + Pl, = sum, (6) 
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On the decryption side, the recipient has utilized the following steps to supplement the decryption 
procedure: first, an augmented matrix (AA) is constructed using the linear equation system of magic square 
of order 3, the ciphertext is swaped with the last column of the matrix (AA) by subtracting the last known 
value of the key, then reducing the matrix (AA) by deleting 1, 2, and 5 columns. The magic square of order 3 
is regenerated by replacing the plaintext with the result of the Gaussian elimination using the last known 
value of the key. To determine the number of rounds, the magic square is multiplied by the inverse of the 
encryption mask to gain the resulting algorithm [8]. The modified version of the suggested CAST algorithm 
is displayed for each round in Figure 2 and Algorithm 1. 


Plaintext 128 bit of CAST 128 | 


Right 32-bit 


Left 32-bit 


Function that used based on 
number round 


Figure 2. Proposed CAST 128-bit with magic square of order 3 


Algorithm 1: CAST 128 with magic square 
Input: plaintext pl,...ple4; key = key,...keyz2¢. 
Output: Ciphertext Ci,...Cig,. 

Step1. Key schedule: Calculate sixteen pairs of subkeys {Keyp Keyri} from Key. 

Step2. Divided 64 plaintext into left (L) 32-bit and right (R) 32-bit halves. 

Step3. Li and Ri can be calculated, where Li represents elements in matrix’s left and Ri represents elements 
in matrix’s right, as follows, for sixteen rounds: 

Li = Ri-1; 

Ri = apply magic square of order 3 ( L i-1 f(R i-1,KeYmi, Keyri)), where f is of Type 1, Type 2, or Type 3, 
depending on i. 

End for 

Step4. (R16, L16 ™Xc1...c64. 

Step5. Replace the final L16, R16 blocks and then combine them to find the cipher text. However, the 
rounds (and subsequently the sub-key pairs) are used to compute (L00, R00). 


3.1.1. Example 
Input: plaintext=5-5-5-5-5 and 5, output: ciphertext, selected key=1, 2, and 3. The magic square of 
order 3 will be filled with plaintext and key as: 


Pl 5 
Pl Pl 5 5 
Pl Pl | Pl 5 3 5 


Next, a mask is created to apply the encryption and decryption processes. 

- The encryption processes: after applying the multiplication operations between the magic square and the 
mask, calculating the six sums defined in (1) to (6) will serve as a visual representation of the encryption 
process: Sum 1=11, Sum 2=15, Sum 3=8, Sum 4=15, Sum 5=9, Sum 6=13. The value of the ciphertext 
supplied to the opposite side is represented by these sums. 
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- The decryption processes: the recipient will receive the encrypted text as well as the key for the 
decryption operation used to obtain the plaintext. The six unknowns will be imposed by X1—X6, where 
X1—X6 are new ciphers for decryption and the inverse mask will be used to obtain the plaintext. 


XI 
X2 X3 
X4 | X5 | X6 


3.2. Second proposal: CAST 128 with matrix and inverse 

The second method proposed in this paper replaces the XOR operation in each round of the original 
CAST 128-bit Feistel algorithm with a 2x2 matrix between the left and right sides (after applying the 
function). The modification on each round of the proposed algorithm is shown in Algorithm 2 and Figure 3. 
This modification is used for enhancing security level by using uses matrix inversion process instead of using 
normal XoR bit processing. 


Algorithm 2: CAST 128 with matrix 

Input: plaintext m1 1...m664; key= key1...key128. 

Output: cipher text c1...c64. 

Step1. Key-schedule: Calculate sixteen pairs of sub keys {Key n;, Keyri} from Key. 

Step2. Divided 64 plaintext into 32-bit segments on the left (L) and right (R). 

Step3. Li and Ri can be calculated, where Li represents elements in matrix’s left and Ri represents elements 
in matrix’s right, as follows, for sixteen rounds: 

Lii = Rii-1; 

Rii = apply matrix 2x 2 (Lii-1 f (Rii-1, KeYmi, Key,;}), where f is of Type 11, Type 22, or Type 33, 
depending on i. 

End for 

Step4. (R16, L16}*c1...c64). 

Step5. To create the encrypted text, replace the final L16 and R16 blocks, then merge them. 

The encryption procedure described above is utilised for both encryption and decryption, however the rounds 
(and therefore the sub keys pairs) are employed in reverse order to computer (LOO, ROO) from (R116, L116). 


Plaintext 128 bit of CAST 128 


Left 32-bit Right 32-bit 


Function that used based on 
number round 


Figure 3. Proposed CAST 128-bit with matrix 2x2 


3.2.1. Example compute matrix with mode prime 251 in encryption side 
The folowing example clarifietes how apply multiplication operation between 32-bit of plaintext and 
key based on matrix with mode prime 252 in encryption side of CAST 128 algorithm. 


Ploo | Plo. Keyoo | Keyou1 
Plio | Plia Keyio | Keyii 
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(Plo,oxKeyo,o+Plo,ox Keyo,1) mod prime number | (Plo,ox Keyo,o+Plo,oxĶeyo,1) mod prime number 
(Pli oxKey1,0+Pl1,1 x Keyi,1) mod prime number | (Plo,ox Keyo,0+Po,0xKĶo,1) mod prime number 


Result PlxKey= 


where inverse matrix used in decryption side 


-1 
f o alis p 


4. SECURITY METRICS 

This section presents the results of the proposed algorithms. The proposed algorithms are implemented 
using C# and MATLAB. Five PNG and JPEG colour images were employed. To evaluate the performance of 
the proposed methods, several security tests based on the original and encrypted image were performed. 


4.1. Complexity 

Encryption algorithms are uncover to numerous types of attacks, like brute force attacks in which 
the assailant attempts all probale keys to break the algorithm and retrieve the original text. As such, the 
layout of the proposed algorithm rises resilience versus this type of attack by increasing the complexity of the 
algorithm. The complexity of the original CAST 128-bit algorithm is computed as: 
2x(2)8x32x2=2x(2)8x25x2=2)5. The security of the CAST 128-bit algorithm with the magic square is 
calculated using the additional key and magic square: 2x(2)’x48x2x(256)°x(2)§x3x9=27’x(256)°x3x9. 
Finally, the security of the CAST 128-bit with matrix algorithm is calculated based on employing matrix 
2x2: (2!)!78x(27)94x(24)32x(2!)!6x32x2x2x2. 


4.2. Time consuming 

One of the most important security indicators for any encryption system's precision is encryption 
time. The accuracy of encryption is inversely correlated with encryption time, meaning that the more quickly 
an algorithm can encrypt data, the more effective it will be. The CAST with magic square outperforms other 
algorithms when comparing the encryption times required by CAST and CAST with matrix. Results are 
obtained by comparing the two proposed algorithms using five colour images as shown in Table 1. 


Table 1. Time execution for two proposed 
CAST with magic square of order3 CAST with magic matric 2x2 


Image name 


Time for enc. Time for dec. Time for enc. Time for dec. 
Lena 12 26 24 48 
Cat 36 29 52 45 
Airplane 16 56 40 62 
Fruit 9 16 28 49 
Peppers 6 15 19 37 


4.3. Histogram metric 

Another useful statistical test is a histogram, which is used to show the distribution of pixels in 
images that occur at various intensity values. A strongly encrypted image must have a uniform histogram to 
resist any statistical cryptanalysis [20], [21]. Figure 4 displays the histograms of both original images and 
encrypted images. The histogram of the ciphered image differs in all components (red, green, and blue) from 
the plain image. Figure 4 shows the proposed algorithms get good results where the encrypted images using 
two proposed encryption methods (Lena and airplane), show uniform distribution of image points. 


4.4. Correlation coefficient analysis 

The correlation coefficient is used to measure the encryption quality of the proposed algorithms. The 
correlation coefficient is 1 when images are highly connected and the correlation coefficient is almost 0 when 
images are encrypted. In the horizontal, vertical, and diagonal axes, there is typically a high correlation 
between the neighbouring pixels of the original image. The correlation coefficients of the pixels in the 
encrypted image can be made to have a sufficiently low correlation using an ideal encryption technique to 
defend against statistical attacks. The correlation coefficient can be computed using (7) [22]—[24]: 


C= E[(x-Mx)(y-My)] 
~ SxSy 


(7) 


Bulletin of Electr Eng & Inf, Vol. 13, No. 1, February 2024: 377-387 


Bulletin of Electr Eng & Inf ISSN: 2302-9285 Oo 383 


In which M, and M, represent the mean of x and y respectively and E(.) represents expectancy. 
The standard deviations of x and y are denoted by S, and S, respectively. Table 2 presents the values of the 


correlation coefficient for the encrypted images generated by the two proposed modifications in three 
directions: horizontal and vertical. 


Lena image Histogram of Lena image 


1120 
1100 
1080 
106 


1040 


ANN 


Histogram of encrypted Lena image using CAST Histogram of encrypted Lena image using CAST with 


with magic square matrix 


poo 
ee —— N “ut 


Airplane image Hipan of ape ~ k 
1050 With | (i i ij N | | | 1050 | Ni | | 1 | l | | Mt | it HAN | 
ol nity i" li Wi a iy Wi 7 i | th fh i ny Wh i i 
Histogram of encrypted airplane image using Histogram of encrypted airplane image using CAST 
CAST with magic square with matrix 


Figure 4. Histogram distribution of original and encrypted from Lena and airplane 
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Table 2. Correlation coefficient for two proposed 
Correlation coefficient for: 


CAST-128 bit with magic square CAST 128-bit magic matric 2x2 

Image name The vertical correlation The horizontal correlation The vertical correlation The horizontal correlation 

coefficient coefficient coefficient coefficient 
Lena 0.4072 0.0364 -0.0068258 0.0038556 
Cat 0.00015 0.002273 -0.0026 -0.00088 
Airplane 0.4072 0.03643 0.00177 -0.000978 
Fruit 0.87098 0.02903 -0.00082 0.0031603 
Peppers 0.00065 0.008847 -0.00499 -0.00142 


4.5. Entropy analyses 

Entropy testing is a statistical method used to determine whether the encrypted image is random. 
Additionally, it demonstrates the amount of information that a ciphered image contains. The value of the 
entropy for the cipher image C [25], [26] can be computed using (8): 


H(C) = DEo* P(c) logs 5 (8) 


In (8), P(c;) represents the probability of occurrence of the symbol c; in cipher image C. The value 
of the entropy of encrypted image C and the ideal value of entropy H(C) is 8. In our two proposed methods, 
the entropy values calculated for encrypted image C are close to the ideal value as shown in Table 3. 


Table 3. Entropy analyses for two proposed 
Entropy analyses for: 
Image name Original image | CAST-128 bit with magic square | CAST-128 bit with magic matric 2x2 


Lena 74414 7.7337 7.6329 
Cat 3.4444 7.6917 7.5222 
Airplane 6.7167 7.8830 7.78332 
Fruit 7.0563 7.6587 7.6228 
Peppers 7.5797 7.6311 7.6316 


4.6. Analysis of differential attack 

Two measures that can be used to test the performance of cryptography systems are the number of 
pixels of change rate (NPCR) and unified average changing intensity (UACI). NPCR is used to assess the 
impact on the encrypted image of modifying a single pixel of the plain image. The average difference in 
colour intensity between two photos is calculated using UACI [27]-[29]. The results of these two measures 
are displayed in Table 4. 


Zij DJ) 
WxH 


NPCR = x 100% (9) 


0,C1(i, j) + C2(i, j) 


where D(i, j) = ea = C2(i, j) 


oa C10, j)-C2(i,j) 
UACI = —— yy, j EO x 100% (10) 


Where H, W represent the height and width of the image. 


Table 4. NPCR and UACTI for two proposed 
Resistance to differential attack results of the NPCR and UACI measure for: 
CAST-128 bit with magic square CAST-128 bit with magic matric 2x2 


Image name 


NPCR UACI NPCR UACI 
Lena 99.61 30.42 99.60 30.42 
Cat 99.61 44.55 99.60 44.09 
Airplane 99.62 32.65 99.62 32.62 
Fruit 99.62 30.51 99.60 32.63 
Peppers 99.61 32.13 99.61 32.14 
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4.7. Peak signal to noise ratio 

Peak signal to noise ratio (PSNR), is used to calculate the comparison between the original image and the 
encrypted image. The higher the PSNR, the closer the encrypted image is to the original, which correlates to a 
higher-quality image [30]. The two proposed methods produce convergent results for PSNR as shown in Table 5. 
Table 5 presents the results of the PSNR comparison between the original image, the image encrypted by 
CAST 128-bit with magic square, and the image encrypted by CAST 128-bit with matrix. These results 
demonstrate that the two proposed methods generate higher PSNR values than the original image. Therefore, 
the encrypted images are of higher quality. 


Table 5. PSNR for two proposed 


Encryption quality for: 
Image name CAST-128 bit with magic square CAST-128 bit with magic matric 2x2 

PSNR MSE PSNR MSE 
Lena 28.691 169.81 28.694 169.93 
Cat 25.095 209.34 25.378 206.19 
Airplane 25.950 167.07 25.999 164.64 
Fruit 27.141 122.12 27.296 136.33 
Peppers 27.927 56.83 26.727 57.09 


4.8. Comparison results 
Several protocols on CAST algorithm were proposed. As mentioned in section 2, however these 
protocol has some limitations regarding different security metrics. Table 6 summarizes the result. 


Table 6. Comparison results 
Randomness PSNR Entropy NPCR and UACI Histogram metric 


The two proposed protocols 
[16] 
[17] 
[18] 
[19] 
[20] 


SSSss 
xx KS 
SSSK 
L< xA 
KARR KS 


5. CONCLUSION 

Two modifications of the CAST 128-bit encryption algorithm have been proposed, using a magic 
square and a matrix. In the CAST 128-bit with magic square, a magic square of order 3 is used in place of an 
ordinary XOR process in every tour of the Feistel algorithm, a randomly generated key is used to fill the magic 
square. In the CAST 128-bit with matrix, a 2x2 matrix is used within each round of the algorithm in place of the 
XOR operation. A simultaneous result is presented on different coloured images in order to compare the two 
proposed CAST 128-bit algorithms. The proposed scheme is applied to the simulation framework and evaluates 
the security and performance using several measurements such as complexity, time to execute, histogram, 
correlation coefficient, entropy, key space, NPCR, UACI, PSNR, and National Institute of Standards and 
Technology (NIST) test in order to ensure the proposed algorithm is resistant to statistical attacks and brute 
force attack. The proposed methods perform well in many security tests. The proposed CAST with magic 
square requires less time to execute than the proposed matrix-based method. Conversely, the modification on 
CAST using a matrix is of high complexity compared with the CAST with magic square method. The proposed 
methods have been evaluated against noise, statistical, and differential attacks. 
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